There is a large body of work studying what forms of computational hardness are needed to realize classical cryptography. In particular, one-way functions and pseudorandom generators can be built from each other, and thus require equivalent computational assumptions to be realized. Furthermore, the existence of either of these primitives implies that $\rm{P} \neq \rm{NP}$, which gives a lower bound on the necessary hardness. One can also define versions of each of these primitives with quantum output: respectively one-way state generators and pseudorandom state generators. Unlike in the classical setting, it is not known whether either primitive can be built from the other. Although it has been shown that pseudorandom state generators for certain parameter regimes can be used to build one-way state generators, the implication has not been previously known in full generality. Furthermore, to the best of our knowledge, the existence of one-way state generators has no known implications in complexity theory. We show that pseudorandom states compressing $n$ bits to $\log n + 1$ qubits can be used to build one-way state generators and pseudorandom states compressing $n$ bits to $\omega(\log n)$ qubits are one-way state generators. This is a nearly optimal result since pseudorandom states with fewer than $c \log n$-qubit output can be shown to exist unconditionally. We also show that any one-way state generator can be broken by a quantum algorithm with classical access to a $\rm{PP}$ oracle. An interesting implication of our results is that a $t(n)$-copy one-way state generator exists unconditionally, for every $t(n) = o(n/\log n)$. This contrasts nicely with the previously known fact that $O(n)$-copy one-way state generators require computational hardness. We also outline a new route towards a black-box separation between one-way state generators and quantum bit commitments.